Cyber Defense eMagazine June 2021 Edition

More documents

Recommendations

Info

The media headlines refer to these attacks as ‘data breaches’, yet the default approach to data security for all these organizations has been concentrated on protecting the network - to little effect. In many cases, these data breaches have seen malicious actors access the organization’s network, sometimes for long periods of time, and then have their choice of data that’s left exposed and vulnerable. So what’s the reasoning behind maintaining this flawed approach to data protection? The fact is that current approaches mean it is simply not possible to implement the level of security that sensitive data demands when it is in transit without compromising network performance. Facing an either/or decision, companies have blindly followed the same old path of attempting to secure the network perimeter, and hoping that they won’t be subject to the same fate as so many before them. However, consider separating data security from the network through an encryption-based information assurance overlay. This means that organizations can ensure that even when malicious actors enter the network, the data will still be unreachable and illegible, keeping the integrity, validity and confidentiality of the data intact without affecting overall performance of the underlying infrastructure. Regulations and compliance Regulations such as GDPR have caused many problems for businesses globally. There are multiple data regulations businesses must comply with, but GDPR in particular highlighted how vital it is for organizations to protect their sensitive data. In the case of GDPR, organizations are not fined based on a network breach; in fact, if a cyber hacker were to enter an organization’s network but not compromise any data, the company wouldn’t actually be in breach of the regulation at all. Regulations including GDPR and others such as HIPAA, CCPA, CJIS or PCI-DSS, are focused on protecting vulnerable data, whether it’s financial, healthcare or law enforcement data. The point is: it all revolves around data, but the way in which data needs to be secured will rely on business intent. By implementing an intent-based policy, organizations can ensure their data is being handled and secured in a way that will meet business goals and deliver provable and measurable outcomes, irrespective of how the regulatory environment might evolve over time - as it inevitably will. Preventing data breaches The growth in digitization means that there is now more data available to waiting malicious actors, and sensitive data is becoming increasingly valuable across all business sectors. To ensure the continued security of valuable, sensitive data, a change in mindset is required when it comes to any cyber security investment. A CISO must consider essential questions, for example: Will this technology protect my data as it moves throughout the network? Will this solution keep data safe, even if criminals are able to hack into the network? Will this strategy ensure the business is compliant with regulations concerning data security, and that if a network breach does occur, the business won’t Cyber Defense eMagazine – June 2021 Edition 62 Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.
isk having to pay any fines? The answer to these questions must be yes in order for any CISO to trust that their IT policy is effective and their data is safe. Moreover, with such a significant volume of data to secure, real-time monitoring of the organization’s information assurance posture is vital in order to efficiently and quickly react to an issue, and remediate it. With real-time, contextual meta-data, any non-compliant traffic flows or policy changes can be swiftly detected on a continuous basis to ensure the security posture is not affected. This means that a data breach would not follow in the wake of a network breach, which is inevitable. Removing the misdirected focus on protecting an organization’s network by implementing an information assurance approach that is concerned with securing data, is the best way that the security industry can move away from the damaging data breaches of the past. There really is no reason for these data breaches to frequently feature in the media headlines; the technology needed to keep data secure is ready and waiting for the industry to take advantage of. In order to avoid suffering the same fate as many organizations who have not protected their data, companies must secure their most valuable asset - in order to protect themselves and their reputation. About the Author Paul German is the CEO of Certes Networks. Paul is an experienced sales focused CEO with over 20 years of experience in selling, marketing, implementing and supporting networking and security technologies. He joined Certes in January 2015 where he initially led the EMEA region growing revenues 50% and establishing key relationships selling into multiple vertical markets, on which further success will be scaled. Paul prides himself with building great teams, knowing the right team will ultimately make the company successful. With Paul’s broad background in sales and marketing, operations, technology management, design and development he is able to bring teams together and lead successfully, establishing a solid foundation for future growth. Paul German can be reached online at Twitter: @pwgerman, LinkedIn: Paul German and at our company website https://certesnetworks.com/ Cyber Defense eMagazine – June 2021 Edition 63 Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.
Page 1 and 2:
Key Business Lessons Learned from T
Page 3 and 4:
Clean Water Shows Us Why Cyber Cert
Page 5 and 6:
@CYBERDEFENSEMAG CYBER DEFENSE eMAG
Page 7 and 8:
Cyber Defense eMagazine - June 2021
Page 9 and 10:
Page 11 and 12: Cyber Defense eMagazine - June 2021
Page 33 and 34: Exploiting Vulnerabilities Back in
Page 35 and 36: Data Loss Prevention in Turbulent T
Page 37 and 38: ● ● ● ● ● Which sensitive
Page 39 and 40: A Digital Journey: A Long and Windi
Page 41 and 42: Unfortunately, some in IT may miss
Page 43 and 44: Why Ensuring Cyber Resilience Has N
Page 45 and 46: In terms of data safeguards, some o
Page 47 and 48: Case studies Recently, the GRIMM in
Page 49 and 50: About the Author Adam Nichols is th
Page 51 and 52: With 3G and 4G, mobile operators an
Page 53 and 54: Don’t Wait, Automate How An Indep
Page 55 and 56: configuration, but also for faster
Page 57 and 58: Data breaches can lead to huge fina
Page 59 and 60: Whom Do You Give Access to Communit
Page 61: Reapproaching Cybersecurity in A Di
Page 65 and 66: Penetration testing essence Being o
Page 67 and 68: In a nutshell Brand reputation and
Page 69 and 70: Plan Planning for ICS Security need
Page 71 and 72: About the Author Dirk Schrader is t
Page 73 and 74: Joseph Carson, chief security scien
Page 75 and 76: 1. Educate your people on the impor
Page 77 and 78: we’ve dealt with many breaches th
Page 79 and 80: Clean Water Shows Us Why Cyber Cert
Page 81 and 82: How Can You Protect the Security Pe
Page 83 and 84: Best Practices for Mitigating Insid
Page 85 and 86: Why We Care About Cybersecurity Hyg
Page 87 and 88: The Third-Party Remote Access Secur
Page 89 and 90: Evaluating Third-Party Security Pra
Page 91 and 92: wake of the massive SolarWinds atta
Page 93 and 94: · Rethinking Unattended Access Day
Page 95 and 96: About The Author Ryan Heidorn is a
Page 97 and 98: In the traditional fortress model,
Page 99 and 100: Threat Hunting: Taking Action to Pr
Page 101 and 102: posture built on anticipating the u
Page 103 and 104: • Organizations depend upon CISOs
Page 105 and 106: Two Sides of the Same Coin: Providi
Page 107 and 108: security protocols. Given the const
Page 109 and 110: In this article, we will explain wh
Page 111 and 112: Protect Your Business from DDoS Att
Page 113 and 114:
Undermining Public Trust The cycle
Page 115 and 116:
Page 117 and 118:
Page 119 and 120:
Page 121 and 122:
Page 123 and 124:
Page 125 and 126:
FREE MONTHLY CYBER DEFENSE EMAGAZIN
Page 127 and 128:
Page 129:
show all

Cyber Defense eMagazine June 2021 Edition

Create successful ePaper yourself

Delete template?

Save as template?